The Akamai Blog

Data Breaches Fuel Login Attacks

The following PLXsert advisory came out last week, but I'm just back from vacation and catching up on what I missed. This one is high-risk and worth mentioning here.

Public dumps of compromised data from several high-profile attacks have fueled an increase in automated and systematic attempts to reuse stolen credentials at multiple websites.

The requests show that user agents are systematically randomized. One of the most targeted sectors is online financial services. Other industries targeted by these brute force attacks are online entertainment, high-tech consulting and Software-as-a-Service (SaaS).

What the bad guys are doing:

  • Attackers are harvesting ID and password combinations from public dumps of compromised data.
  • Automated tools are used to systematically attempt to gain access to other sites using the available credentials.
  • Online financial services is the most targeted industry for these types of attacks.
  • Other frequent targets are online entertainment, high-tech consulting and Software-as-a-Service (SaaS) providers.
  • The availability of numerous high-profile and large data dump leaks is contributing to the problem.
  • The use of brute force login attempts tends to surge following compromises and disclosures of big data dumps.

Protective measures:

To blunt these attacks, enterprises can follow the same best practices around passwords and access control that have been standard for years:

  • Enforce password complexity requirements
  • Enforce account lockout threshold limits
  • Monitor suspicious traffic and activity following login attempts or successful logins
  • Use tools such as CAPTCHA or reCAPTCHA
  • Use multi-factor authentication
  • Use randomized URLs for login to mitigate automated tools
  • Lock out IP addresses that have made multiple login attempts, provided they are not proxies
  • Use rate control rules
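The monitoring, lockout and rate-control items above come down to spotting the pattern the advisory describes: one source trying many harvested accounts with a high failure rate and a randomized user agent per request. The following is an added example (not Akamai's or PLXsert's code) that tallies per-source statistics over constructed login-event lines and flags sources that fit that pattern while leaving a legitimate user's retries alone; the log format, IPs, and thresholds are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample login events: "timestamp src_ip username user_agent result".
SAMPLE_LOG = """\
2014-10-01T10:00:01Z 203.0.113.7 alice UA-a1 FAIL
2014-10-01T10:00:02Z 203.0.113.7 bob UA-b2 FAIL
2014-10-01T10:00:03Z 203.0.113.7 carol UA-c3 FAIL
2014-10-01T10:00:04Z 203.0.113.7 dave UA-d4 SUCCESS
2014-10-01T10:00:05Z 203.0.113.7 erin UA-e5 FAIL
2014-10-01T10:05:00Z 198.51.100.2 frank Firefox/32 FAIL
2014-10-01T10:05:09Z 198.51.100.2 frank Firefox/32 SUCCESS
"""

@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    usernames: set = field(default_factory=set)
    user_agents: set = field(default_factory=set)

def parse_events(log_text):
    """Yield (src_ip, username, user_agent, result) from the constructed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src_ip, user, ua, result = line.split()
        yield src_ip, user, ua, result

def aggregate(events):
    """Tally attempts, failures, distinct accounts and user agents per source IP."""
    stats = defaultdict(SourceStats)
    for src_ip, user, ua, result in events:
        s = stats[src_ip]
        s.attempts += 1
        s.failures += result == "FAIL"  # bool counts as 1
        s.usernames.add(user)
        s.user_agents.add(ua)
    return stats

def stuffing_sources(stats, min_users=5, min_fail_ratio=0.6, min_agents=3):
    """Flag sources that try many accounts, mostly fail, and rotate user agents.
    Thresholds are illustrative placeholders, not values from the advisory."""
    flagged = {}
    for ip, s in stats.items():
        fail_ratio = s.failures / s.attempts
        if (len(s.usernames) >= min_users and fail_ratio >= min_fail_ratio
                and len(s.user_agents) >= min_agents):
            flagged[ip] = sorted(s.usernames)  # accounts to review, successes included
    return flagged
```

Any account that succeeded from a flagged source (dave above) is a likely reused credential and belongs on the review list even though the login itself did not fail.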

For complete details, check out the full advisory, available on our State of the Internet site.

1 Comment

Provisioning and hardening is without question one of the most important measures for helping ensure the safety and security of critical information systems. After all, how good is anyone’s security posture if no initiatives have been undertaken for locking down and hardening firewalls, routers, servers, applications and other critical hardware and software solutions? As a security auditor, I find that many companies – regardless of industry or size – have little or no documentation for such practices, which is not good at all, and it’s time this changes. After all, there are untold numbers of free and very cost-effective hardening checklists online that can be easily downloaded and used immediately.